


FIG. 1 (labels: SENSOR, FLIGHT CONTROL COMPUTER, ACTUATOR)

FIG. 2 (labels: PROCESSOR, MEMORY, TASK, TASK, TASK, EXECUTIVE TASK)

FIG. 3 (labels: T1, T2, T3; axis ticks 10 to 30)

FIG. 4 (labels: IDLE TIME, C(t), TIMELINE SLACK)

FIG. 5 (labels: IDLE TIME, C(t), RECLAIMED SLACK, TIMELINE SLACK)

FIG. 7

FIG. 8

FIG. 10 (axis ticks 0 to 30)

FIG. 11 (axis ticks 8 to 30)

FIG. 15

FIG. 16 (label: RECLAIMED FROM P1)

FIG. 17 (labels: P3, RECLAIMED FROM P1, TIMELINE SLACK, RECLAIMED FROM P2; axis ticks 0 to 30)



103

SCHEDULE TASKS IN A TIME-PARTITIONED SYSTEM ACCORDING TO A RATE MONOTONIC ALGORITHM

• THE TASKS INCLUDE BOTH ESSENTIAL AND NON-ESSENTIAL TASKS

105

DETERMINE AVAILABLE SLACK (E.G. COLLECT UNSCHEDULED EXECUTION TIME FROM ONE OR MORE TIME PARTITIONS)

• DETERMINE TIMELINE SLACK

• DETERMINE RECLAIMED SLACK

NO

POOL THE AVAILABLE SLACK IN A SLACK POOL THAT IS AVAILABLE TO TASKS IN MORE THAN ONE TIME PARTITION (E.G. USE A SINGLE SET OF SLACK ACCUMULATORS AND TIMELINE SLACK COMPUTATIONS)

ALLOCATE SLACK TO TASKS IN MORE THAN ONE TIME PARTITION

• THE TASKS THAT ARE ALLOCATED SLACK INCLUDE APERIODIC, NON-ESSENTIAL TASKS

• THE TASKS THAT ARE ALLOCATED SLACK INCLUDE NEW NON-ESSENTIAL TASKS AND ENHANCEMENTS TO ESSENTIAL TASKS
Notation    Description

The task in a process with priority level i. In traditional RMA, $\tau_i$ is a single thread and the whole system is a single partition. In DEOS, we call $\tau_i$ an aggregate thread. There are many threads running at the same rate in DEOS. So, if $t_{i,1}, t_{i,2}, \ldots, t_{i,n_i}$ are all the threads defined for rate i, $\tau_i$ is the sequence of these threads when run back-to-back. This representation allows us to consider slack only in terms of rates and not in terms of threads which potentially helps performance significantly.

The number of distinct (aggregate) threads allowed in the system. This number is fixed at system power up.

The time between dispatches of $\tau_i$. We assume without loss of generality that $T_1 \le T_2 \le \ldots \le T_n$. $T_i$ is also called the period of $\tau_i$. In DEOS, strict inequality holds.

H: The hyperperiod of the task set. $H = \mathrm{lcm}(T_1, T_2, \ldots, T_n)$. Note that in a harmonic system such as DEOS, $H = T_n$.

The $j$-th dispatch of $\tau_i$. Again, in DEOS, $\tau_i$ is an aggregate thread.

The worst case execution time for $\tau_{ij}$. In classical RMS the task set is fixed so $C_{ij} = C_i$ for each dispatch j where $j = 1, \ldots, H/T_i$. Note that this quantity is computed at each successful schedulability test.

A short hand notation for $C_{ij}$ when $C_{ij} = C_{ik}$ for all $j, k \in \{1, \ldots, H/T_i\}$.
Notation    Description

The value $T_i/T_j$ for $i \ge j$. $n_{i|j}$ is the number of times $\tau_j$ will execute during one period defined by $T_i$. For a harmonic system, all $n_{i|j}$ are integers.

$\text{TimelineSlack}_i$: The level i slack in the interval $[0, j \cdot T_i]$ assuming all periodic processes take their worst case execution time to complete.

The dispatch identifier of the next instance of $\tau_i$ to complete. If $\tau_i$ is in state CompletedForItsPeriod, this is the next instance, otherwise it is the current instance. This value must be maintained at runtime. When aggregate threads are supported, one state variable per thread may be necessary.

$\text{AperiodicTime}_i$: The amount of level i or higher aperiodic time that has been consumed since the beginning of the hyperperiod. This includes all time consumed by aperiodic task of priority $1, \ldots, i$, where periodic process overrun can be considered aperiodic process computation time. There is an implicit time argument, so $\text{AperiodicTime}_i = \text{AperiodicTime}_i(t)$.

$\text{Idle}_i$: Level i idle time that has occurred since the beginning of the hyperperiod. This is all the time not spent processing tasks of priority i or higher. In other words, it is all the time spent processing tasks (periodic, aperiodic or idle) of priority $i+1, \ldots, n, n+1$ where n is the number of rates in the system, and level n+1 is the idle process. There is an implicit time argument, so $\text{Idle}_i = \text{Idle}_i(t)$.

The dispatch identifier of $\tau_i$ or equivalently the period identifier of $T_i$. There is an implicit time argument, so $\gamma_i(t) = \gamma_i$.

The amount of level i - 1 slack available in $[0, j \cdot T_i]$ which is the amount of time available for processing tasks at level i - 1 without causing $\tau_1, \tau_2, \ldots, \tau_i$ to miss any of their deadlines in that interval.
Thread Services    Description

createThread: Creates a new thread. If the thread is dynamic, it also starts the thread.

startThread: Schedules to have the (static) thread started at the beginning of the next period defined by the thread's rate, after the start service has completed.

startThreads: Schedules to have the set of threads started at the beginning of each of their respective periods defined by their rates, after the start threads service has completed.

restartThread: An active thread is restarted from the beginning.

killThread: An active dynamic thread is deactivated. A stopped static thread is also deactivated.

stopThread: This routine is newly added. Static threads must first be stopped before they can be killed.

waitUntilNextPeriod: The calling thread is suspended until the start of its next period where it resumes execution. Other threads queued at a mutex that the calling thread holds will be dequeued.

restartProcess: All the process' threads, mutexes and events are killed. The process' PRIMARY THREAD is restarted.

createMutex: Creates a mutex that can be accessed by multiple threads in the calling thread's process.

lockMutex: The calling thread is granted the lock if the mutex is unlocked and queues if wait ok is true.

unlockMutex: A thread releases its lock on a mutex and the lock is granted to the highest priority thread (if any) waiting.

resetMutex: All threads queued at the mutex are dequeued (including an executing thread).

waitForEvent: The calling thread is suspended until the event is pulsed.

pulseEvent: All threads currently waiting for the pulsed event will transition from state suspended to state ready.

FIG.20F 



Notation    Description

The aggregate of threads with priority level i. We call $\tau_i$ an aggregate thread.

The number of distinct rates allowed in the system. This number is fixed between coldstarts.

The $j$-th thread of priority level i. Even though there is no explicit ordering of threads within a priority level, it is convenient to do so for the sake of reference.

The time between dispatches of $\tau_i$. We assume without loss of generality that $T_1 < T_2 < \ldots < T_n$.

The period identifier. At time t where $t \in [0, H]$, $\gamma_i(t) = \gamma_i = \lfloor t/T_i \rfloor$.

$m_i(t)$: The number of active threads forming $\tau_i$ at time t. For ease of exposition, the t is often omitted and refers to the current period of $T_i$ so $m_i(t) = m_i$. Note that there is a time lag between thread creation and thread activation.

m': A temporary value for $m_i$ when threads will but have not yet become (de)activated.

The worst case budget times summed over all threads forming $\tau_i$.

The value $T_i/T_j$ for $i > j$. $n_{i|j}$ is the number of times $\tau_j$ will execute during one period defined by $T_i$.

The primary budget of process k, $k \in \{1, \ldots, p\}$. p = number of active processes. Note that a process can be active and have its primary thread stopped, in which case some portion of its budget is available as timeline slack. This is poor notation actually since the set of active processes changes.

The set of all processes whose unallocated primary budgets are available for slack.

The sum of the $C_k$ with budgets available for slack. £ = $\sum_{k \in S} C_k$.

$U_B$: System level utilization reserved for blocking times. A feasibility test is always of the form $U \le 1 - U_B$.
Notation    Description

$A_i$ (also $\text{TimelineSlack}_i$): is the amount of timeline slack that was made available from processes with inactive primary thread budgets with rate i at time $\gamma_i(t) T_i$. Note: $A_i$ is not cumulative since the beginning of the hyperperiod. Also, in the current release of DEOS, it is always true that $A_j = 0$ for $j \in \{2, \ldots, n\}$.

The vector $(A_1, A_2, \ldots, A_n)$ which is maintained at run-time.

$\Delta A_{i,j}$: The amount to change rate $A_i$ the next time the start of periods defined by $T_j$ and $T_i$ coincide. It will be the case that for $i > j$, $\Delta A_{i,j} = 0$. Values of $\Delta A_{i,j}$ are updated to reflect user thread (de)activation requests at level i with an inactive primary thread at level j. Note also that if there are no primary threads active at rate i, then $\Delta A_{i,j} = 0 \ \forall j$.

The number of threads in aggregate thread $\tau_i$ for $i = 1, \ldots, n$. $m_i = m_i(t)$.

The $k$-th thread in $\tau_i$, for k = 1

The budget of $t_{i,k}$. Set when $t_{i,k}$ is created.

The actual execution time of $t_{i,k}$ for the current dispatch. If the current dispatch has completed then it is the total time that dispatch of $t_{i,k}$ took to execute. 0 <; £ £k <, /? lk .

A boolean value indicating $\tau_i$'s activation status. If $\tau_i$ is active, $E_i$ = TRUE otherwise $E_i$ = FALSE. This value is maintained at runtime.

$\text{AperiodicTime}_i(t)$: The amount of level i aperiodic time consumed in $[\gamma_i(t) T_i, t]$. For simplicity, we denote $\text{AperiodicTime}_i(t) = \text{AperiodicTime}_i$.

$\text{Idle}_i(t)$: The amount of "level" i idle time (i.e. time spent running the idle process) in $[\gamma_i(t) T_i, t]$ no longer available to slack. For simplicity we denote $\text{Idle}_i(t) = \text{Idle}_i$.

a conservative estimate of the amount of level i idle time that is lost as level i reclaimed slack due to sitting idle.

The amount of slack reclaimed by completing for period at level i in $[\gamma_i(t) T_i, t]$.

The period identifier for $T_i$. For $i \in \{1, 2, \ldots, n\}$, $\gamma_i(t) = \lfloor t/T_i \rfloor$. Alternatively, one can think of $\gamma_i$ as the dispatch identifier for $\tau_i$, $\gamma_i \in \{0, 1, \ldots, H/T_i - 1\}$.

A conservative value of the amount of level k slack available that can be carried over to the next period $T_k$.
CurID(i): This is associated with the system, and uniquely identifies the period $T_i$. Comparisons of the form P.ReqID(i) $\le$ CurID(i) will appear in the algorithms. Sometimes these will be abbreviated P.$\gamma_i \le \gamma_i$ where uniqueness is understood. See comments in the text about counter roll over.

USys: System utilization allocated to active processes, including pending requests for creation/activation and deletion/deactivation. Note that USys does not necessarily reflect the current utilization allocated to active processes.

$\Delta$USys(1..n): Changes to the actual process utilization allocated to active processes that will take place at the next period boundary of $T_i$, at level i.

$n^{r}_{i|j}(t)$: The remainder of full $T_j$ periods remaining in the current (relative to t) $T_i$ period. In symbols, $n^{r}_{i|j}(t) = \lfloor ((\gamma_i(t) + 1) T_i - t)/T_j \rfloor$.

$B^{r}_{j}(t)$: The remainder of any unused fixed budgets belonging to ISR threads at rates $1, \ldots, j$ in the interval [t.CyyCt) + 1)7}].

The sum total of all fixed budgets belonging to ISR threads at rates $1, \ldots, j$ in any T- period. In this release of DEOS, if B(t) is the worst case "aggregate" ISR fixed thread budget (at time t, since ISR threads can be killed/created), B^t) = n|]B(t), a quantity that should be easy to maintain at runtime.
Notation    Description

UserBudget: The total amount of time (normalized by the process' primary thread's period) allocated to active users within the process. UserBudget will never exceed MaxBudget, which is the process' entire budget. UserBudget reflects any pending changes indicated by $\Delta$BudgetReq. Consequently, UserBudget is not necessarily the current value of the process' budget assigned to user thread. But that value can be computed.

MaxBudget: The process' total budget, normalized by the period of its primary thread. The term budget is somewhat misleading. Utilization is a more descriptive term.

Rate: The rate at which the highest priority thread (including the process' primary thread) runs. Note that no user thread of a process p will have a rate higher than the process' primary thread. It is TBD whether there is benefit in having a primary thread with rate higher than any of its users. Rate takes on one of the values $1, \ldots, n$, with 1 the highest rate, and n the slowest rate.

Active: A boolean value set to TRUE when the primary thread is active and false when the primary thread is inactive. When P.Active is FALSE, the primary thread's budget is made available as timeline slack.

ProcActive: A boolean value set to TRUE when the process (not just its primary thread) is active, otherwise it is FALSE. $\lnot$P.ProcActive $\Rightarrow$ $\lnot$P.Active (regardless of its value).

ReqID(i): This uniquely represents the most recent time a request for user thread (de)activation has been made at level i. Note: it is not sufficient to use $\gamma_i$ since these table values are not updated "periodically", but only when other (de)activations take place after the requests have been processed. We sometimes denote P.ReqID(i) by P.$\gamma_i$ where it is understood that P.$\gamma_i$ uniquely defines the request period $T_i$.

$\Delta$BudgetReq(i): This is the amount of change in allocated budget at level i that either will or did occur at time (ReqID(i) + 1)$T_i$. If the change hasn't yet occurred, subsequent requests might change this value.



FIG. 201 



Notation    Description

ComputeTime: The total compute time allocated to the thread. A timeout will be enforced to ensure that a thread does not exceed its worst case compute time.

CT: An abbreviation for ComputeTime.

ExecTime: The total time spent executing so far. This time is updated at each thread preemption or suspension.

ET: An abbreviation for ExecTime.

TimeSlice: The amount of time a thread is allowed to execute prior to a hardware timeout. Examples of timeouts are maximum mutex execution times and maximum available slack consumption before thread suspension.

TS: An abbreviation for TimeSlice.

A boolean, denoted by $E_i$ for aggregate thread which is true if all threads at rate i have a value for CompletedForItsPeriod and false otherwise.

ExecutingOnSlack: A boolean value which is true when a thread's current budget has been taken from the slack pool and false when it is a part of its fixed budget.



true 
Notation    Description

Slack: A record perhaps indexed by slack level (depending on the slack consumption algorithms) containing the amount of slack reclaimed at level i, and the most recent period $T_i$ during which it was reclaimed.

Slack.$\gamma_i$: The identifier of the most recent $T_i$ period during which level i slack was consumed, $i \in \{0, \ldots, H/T_i - 1\}$. This attribute is not used in the maximal update set of algorithms.

Slack.$\mathcal{R}_i$: The amount of slack reclaimed by completing (early) for period at level i within the "current" period defined by $\gamma_i$. Slack.$\mathcal{R}_i$ is set to zero at every period boundary defined by $T_i$.

An abbreviation for Slack.$\mathcal{R}_i$, which works only when the slack record is not indexed.

Slack.$U_i$: The amount of unused slack at level i that has been carried forward at time $\gamma_i(t) T_i$. Slack.$U_i$ is recalculated at every period boundary defined by $T_i$.

An abbreviation for Slack.$U_i$, which again works only when the slack record is not indexed.

Slack(j): The slack record associated with a slack consuming thread (if any) at level j. In this situation, slack made available at the higher rates is allocated directly to high rate slack consumers, without taking away (or recalculating) slack previously allocated to low rate slack consumers. This record is not used in the maximal update set of algorithms.